Test ID:	1.3.6.1.4.1.25623.1.0.60598
Category:	Mandrake Local Security Checks
Title:	Mandrake Security Advisory MDVSA-2008:071 (krb5)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to krb5 announced via advisory MDVSA-2008:071. A flaw was discovered in how the Kerberos krb5kdc handled Kerberos v4 protocol packets. An unauthenticated remote attacker could use this flaw to crash the krb5kdc daemon, disclose portions of its memory, or possibly %execute arbitrary code using malformed or truncated Kerberos v4 protocol requests (CVE-2008-0062, CVE-2008-0063). This issue only affects krb5kdc when it has Kerberos v4 protocol compatibility enabled, which is a compiled-in default in all Kerberos versions that Mandriva Linux ships prior to Mandriva Linux 2008.0. Kerberos v4 protocol support can be disabled by adding v4_mode=none (without quotes) to the [kdcdefaults] section of /etc/kerberos/krb5kdc/kdc.conf. The updated packages have been patched to correct these issues. Affected: Corporate 3.0, Multi Network Firewall 2.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2008:071 http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt Risk factor : Critical CVSS Score: 9.3
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-0062 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html BugTraq ID: 28303 http://www.securityfocus.com/bid/28303 Bugtraq: 20080318 MITKRB5-SA-2008-001: double-free, uninitialized data vulnerabilities in krb5kdc (Google Search) http://www.securityfocus.com/archive/1/489761 Bugtraq: 20080319 rPSA-2008-0112-1 krb5 krb5-server krb5-services krb5-test krb5-workstation (Google Search) http://www.securityfocus.com/archive/1/489883/100/0/threaded Bugtraq: 20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues (Google Search) http://www.securityfocus.com/archive/1/493080/100/0/threaded CERT/CC vulnerability note: VU#895609 http://www.kb.cert.org/vuls/id/895609 Debian Security Information: DSA-1524 (Google Search) http://www.debian.org/security/2008/dsa-1524 https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00537.html https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00544.html http://www.gentoo.org/security/en/glsa/glsa-200803-31.xml HPdes Security Advisory: HPSBOV02682 http://marc.info/?l=bugtraq&m=130497213107107&w=2 HPdes Security Advisory: SSRT100495 http://www.mandriva.com/security/advisories?name=MDVSA-2008:069 http://www.mandriva.com/security/advisories?name=MDVSA-2008:070 http://www.mandriva.com/security/advisories?name=MDVSA-2008:071 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9496 http://www.redhat.com/support/errata/RHSA-2008-0164.html http://www.redhat.com/support/errata/RHSA-2008-0180.html http://www.redhat.com/support/errata/RHSA-2008-0181.html http://www.redhat.com/support/errata/RHSA-2008-0182.html http://www.securitytracker.com/id?1019626 http://secunia.com/advisories/29420 http://secunia.com/advisories/29423 http://secunia.com/advisories/29424 http://secunia.com/advisories/29428 http://secunia.com/advisories/29435 http://secunia.com/advisories/29438 http://secunia.com/advisories/29450 http://secunia.com/advisories/29451 http://secunia.com/advisories/29457 http://secunia.com/advisories/29462 http://secunia.com/advisories/29464 http://secunia.com/advisories/29516 http://secunia.com/advisories/29663 http://secunia.com/advisories/30535 SuSE Security Announcement: SUSE-SA:2008:016 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html http://www.ubuntu.com/usn/usn-587-1 http://www.vupen.com/english/advisories/2008/0922/references http://www.vupen.com/english/advisories/2008/0924/references http://www.vupen.com/english/advisories/2008/1102/references http://www.vupen.com/english/advisories/2008/1744 XForce ISS Database: krb5-kdc-code-execution(41275) https://exchange.xforce.ibmcloud.com/vulnerabilities/41275 Common Vulnerability Exposure (CVE) ID: CVE-2008-0063 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8916 http://www.securitytracker.com/id?1019627 XForce ISS Database: krb5-kdc-kerberos4-info-disclosure(41277) https://exchange.xforce.ibmcloud.com/vulnerabilities/41277
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.